Debian Linux vulnerabilities
9,914 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,914
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4113, MEDIUM 4311, LOW 362
Vulnerabilities
CVE-2020-25656 | MEDIUM | CVSS 4.1 | CWE-416 | v9.0 | 2020-12-02
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to read memory out of bounds. The highest threat from this vulnerability is to data confidentiality.
nvd
CVE-2020-25704 | MEDIUM | CVSS 5.5 | CWE-401 | v9.0 | 2020-12-02
A memory leak flaw was found in the Linux kernel performance monitoring subsystem in the way PERF_EVENT_IOC_SET_FILTER is used. A local user could use this flaw to starve resources, causing a denial of service.
nvd
CVE-2020-25723 | LOW | CVSS 3.2 | CWE-617 | v10.0 | 2020-12-02
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
nvd
CVE-2020-15257 | MEDIUM | CVSS 5.2 | CWE-669 | v10.0 | 2020-12-01
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwi
nvd
CVE-2020-28926 | CRITICAL | CVSS 9.8 | CWE-120 | v9.0, v10.0 | 2020-11-30
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
nvd
CVE-2020-29394 | HIGH | CVSS 7.8 | CWE-787 | v10.0 | 2020-11-30
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
nvd
CVE-2020-25624 | MEDIUM | CVSS 5.0 | CWE-125 | v10.0 | 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
nvd
CVE-2020-27218 | MEDIUM | CVSS 4.8 | CWE-226 | v10.0 | 2020-11-28
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the applicati
nvd
CVE-2020-29374 | LOW | CVSS 3.6 | CWE-362 | v9.0, v10.0 | 2020-11-28
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
nvd
CVE-2020-27745 | CRITICAL | CVSS 9.8 | CWE-120 | v9.0, v10.0 | 2020-11-27
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
nvd
CVE-2020-25708 | HIGH | CVSS 7.5 | CWE-369 | v10.0 | 2020-11-27
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
nvd
CVE-2020-27746 | LOW | CVSS 3.7 | CWE-362 | v10.0 | 2020-11-27
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
nvd
CVE-2020-29129 | MEDIUM | CVSS 4.3 | CWE-125 | v10.0 | 2020-11-26
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
nvd
CVE-2020-25653 | MEDIUM | CVSS 6.3 | CWE-362 | v9.0 | 2020-11-26
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confide
nvd
CVE-2020-25652 | MEDIUM | CVSS 5.5 | CWE-770 | v9.0 | 2020-11-26
A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of se
nvd
CVE-2020-25651 | MEDIUM | CVSS 6.4 | CWE-362 | v9.0 | 2020-11-26
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confiden
nvd
CVE-2020-29130 | MEDIUM | CVSS 4.3 | CWE-125 | v9.0 | 2020-11-26
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
nvd
CVE-2020-29074 | HIGH | CVSS 8.8 | CWE-732 | v9.0, v10.0 | 2020-11-25
scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.
nvd
CVE-2020-25650 | MEDIUM | CVSS 5.5 | CWE-770 | v9.0 | 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM
nvd
CVE-2020-25654 | HIGH | CVSS 7.2 | CWE-284 | v9.0 | 2020-11-24
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
nvd